ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like Infracore LLC are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to Infracore LLC at (858) 509-1970.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, August 16 2018

Captcha Image

Tag Cloud

Tip of the Week Security Privacy Technology Best Practices Cloud Google Business computing Microsoft Software Malware Network Security Backup Hackers Windows 10 Internet Data Tech Term Hardware Innovation Smartphones Hosted Solutions Business Email Android Managed IT Services Small Business Browser Alert Business Continuity VoIP Mobile Devices Ransomware Outsourced IT Computers Disaster Recovery Business Management User Tips Cloud Computing Data Backup Smartphone Computer Office Efficiency IT Services Law Enforcement Cybercrime Miscellaneous Communications Productivity Router Managed IT Services Telephone Systems Social Media Collaboration Cybersecurity Chrome How To Password Facebook Virtualization Windows Productivity Network Data Recovery Money Artificial Intelligence Passwords App Internet of Things Gadgets Social Engineering Office 365 Quick Tips Upgrade Work/Life Balance Communication Health IT Support Bring Your Own Device Microsoft Office Private Cloud Holiday Vulnerability Hacking Spam Wi-Fi Windows 10 Google Drive Applications Data Protection Mobile Device Management Automation Saving Money Data Breach Workplace Tips Apps Two-factor Authentication Phishing HaaS Connectivity IT Support Data Security Office Tips Word Entertainment VPN Remote Monitoring Remote Computing Save Money USB Value Managed IT Managed Service Provider Networking Government Windows 7 Flexibility BDR Information Employer-Employee Relationship Paperless Office Comparison BYOD Keyboard Charger Website CES Legal Public Cloud Mobility Patch Management Automobile Data Storage Cleaning Content Management OneNote Worker Redundancy Scam Data Management IT Management End of Support Spam Blocking Big Data Business Intelligence Avoiding Downtime Computer Care Blockchain History Mobile Device Marketing Update Identity Theft IT Plan Infrastructure Operating System Battery Samsung Electronic Medical Records Unsupported Software PDF Server Bandwidth Advertising Computer Accessories Password Manager Windows 10s Windows Server 2008 Worker Commute Television Workforce Screen Mirroring Leadership Wireless Charging Devices HBO Document Management Education Trending Human Resources Root Cause Analysis Relocation User Error Conferencing Software Tips Black Market Vendor Management Google Docs FENG Telephony Firewall Cryptocurrency Fraud Access Control Bluetooth Business Mangement Monitor Emergency Servers Public Computer Accountants Cast Scalability Save Time Cortana Thought Leadership Settings Outlook Troubleshooting Computing Infrastructure Loyalty Staff Botnet Emails Wireless Internet Skype Smart Technology Safe Mode Current Events Amazon Authentication Wireless Gmail Solid State Drive Flash HVAC Telecommuting Humor Internet Exlporer Managed Service Google Apps Frequently Asked Questions Machine Learning SaaS Specifications Meetings Travel Nanotechnology Experience Wire Voice over Internet Protocol Start Menu Files Best Practice Two Factor Authentication Virtual Assistant Knowledge Amazon Web Services Hybrid Cloud Risk Management Recovery Recycling Audit Data storage Enterprise Content Management Remote Work Practices Information Technology Hiring/Firing MSP Workers Addiction Excel Techology YouTube Users Digital Signature Online Shopping Smart Tech IT solutions Physical Security Music Sports Tools Telephone System Content Network Congestion Apple Politics Search Rootkit eWaste Computer Fan Sync Transportation Password Management Safety Hosted Computing Internet exploMicrosoft Instant Messaging Employer Employee Relationship File Sharing Cache Tip of the week Books Virtual Reality Assessment Millennials Encryption Data loss IT Consultant Evernote Wearable Technology Smart Office Multi-Factor Security HIPAA Downtime Video Games Audiobook iPhone How to Training Criminal The Internet of Things Benefits NIST Credit Cards Inventory webinar Augmented Reality Managing Stress Regulation Congratulations Twitter Webinar CrashOverride Company Culture Thank You Compliance WiFi

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

JeffereyANoah 5 Useful Cloud Apps for Small Businesses
15 August 2018
Sharing these type stuff is very useful and hope you will provide us more like this one. I come here...
Jared Albert VoIP Delivers Benefits That a Traditional Phone System Can’t
13 August 2018
A traditional telephone system is installed for the happiness of the people. Majority of the concern...
Meredith Maddox Tip of the Week: Tip of the Week: Mirror or Cast Your Android Device’s Screen
08 August 2018
Android mobile phones are top of the list now a days every one wants to buy android phone. It’s a bi...
MarianneJCruz Tip of the Week: Got a Solid State Drive? Here’s How to Take Care of It
31 July 2018
What a review https://www.uk.com/how-do-you-do.html
Digital Hold The Case for Hosting Your Phone Solution In-House
24 February 2018
Informative Blog. Thanks a lot for the useful info.